Asp.net core .NET Core 与 OpenID Connect:重定向到外部身份提供程序

Asp.net core NET核心&;OpenID连接重定向到外部身份提供程序,asp.net-core,openid-connect,Asp.net Core,Openid Connect,我已经使用OpenID Connect构建了一个身份提供者,以利用OAuth2访问令牌提供身份验证和授权。服务器上的授权工作流正常工作;但是,当身份验证失败时,我似乎无法让我的ASP.NET核心客户端自动重定向到OpenID连接提供程序。我目前刚刚收到401 这是我的startup.cs: public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFac

我已经使用 OpenID Connect 构建了一个身份提供者,利用 OAuth2 访问令牌提供身份验证和授权。服务器端的授权工作流运行正常;但是,当身份验证失败时,我似乎无法让我的 ASP.NET Core 客户端自动重定向到 OpenID Connect 提供程序。目前我只收到 401 响应。

这是我的startup.cs:

        /// <summary>
        /// Request pipeline from the question: logging, error pages, static files,
        /// cookie authentication, an OpenID Connect client built from hard-coded
        /// values, and MVC routing. The asker reports that this setup returns 401
        /// instead of redirecting to the provider.
        /// </summary>
        /// <param name="app">Pipeline builder the middleware is registered on.</param>
        /// <param name="env">Hosting environment; selects the developer or production error page.</param>
        /// <param name="loggerFactory">Logger factory that receives the console and debug providers.</param>
        public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();

        // Detailed exception pages only in Development; everything else goes to /Home/Error.
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseBrowserLink();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
        }

        // Registered before the authentication middleware below.
        app.UseStaticFiles();

        // NOTE(review): no options are passed, so the cookie middleware uses its default
        // scheme name. SignInScheme below is "Cookies" - confirm the two match.
        app.UseCookieAuthentication();

        var options = new OpenIdConnectOptions
                          {
                              // Plain-HTTP authority together with RequireHttpsMetadata = false (below):
                              // tokens and the client secret cross the wire unencrypted, so this is
                              // only appropriate for a local development provider.
                              Authority = "http://localhost:63467",
                              AutomaticAuthenticate = true,
                              AutomaticChallenge = true,
                              AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet,
                              AuthenticationScheme = "oidc",
                              ClientId = "2",
                              // NOTE(review): client secret is a literal in source. Load it from
                              // configuration or a secret store and rotate any value that was committed.
                              ClientSecret = "alskghalsd",
                              // NOTE(review): only the authorize and token endpoints are supplied by hand.
                              // Presumably this replaces metadata discovery, in which case no issuer or
                              // signing keys are available to validate the ID token - verify.
                              Configuration =
                                  new OpenIdConnectConfiguration
                                      {
                                          AuthorizationEndpoint =
                                              "http://localhost:63467/connect/authorize",
                                          TokenEndpoint =
                                              "http://localhost:63467/connect/token"
                                      },
                              PostLogoutRedirectUri = "/",
                              // NOTE(review): OAuth 2.0 response_type values are case-sensitive and the
                              // registered value is lowercase "code" - confirm the provider accepts "Code".
                              ResponseType = "Code",
                              RemoteSignOutPath = "/signout",
                              UseTokenLifetime = true,
                              SaveTokens = true,
                              SignInScheme = "Cookies",
                              RequireHttpsMetadata = false
                          };
        // The array holds ONE string, so a single entry containing four space-separated
        // names is added rather than four separate scope entries.
        options.Scope.AddRange(new[] { "openid name role profile" });
        app.UseOpenIdConnectAuthentication(options);

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }

我最终解决了这个问题:我托管了一个以 IdentityServer 作为身份端点的应用程序,并相应地配置了我的客户端:

        /// <summary>
        /// Registers the services used by the application: MVC with the project's
        /// API exception filter, IIS integration options, the configuration object
        /// and IdentityServer.
        /// </summary>
        /// <param name="services">Service collection to add the registrations to.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            // MVC, with the custom API exception filter applied to every action.
            services.AddMvc(mvcOptions => mvcOptions.Filters.Add(typeof(ApiExceptionFilter)));

            // IIS integration: no automatic authentication and no forwarding of
            // client certificates or Windows identities from IIS into the app.
            services.Configure<IISOptions>(iis =>
            {
                iis.AutomaticAuthentication = false;
                iis.ForwardClientCertificate = false;
                iis.ForwardWindowsAuthentication = false;
            });

            // Expose the loaded configuration through dependency injection.
            services.AddSingleton(Configuration);

            // NOTE(review): no clients, resources or signing credential are configured
            // on this call - presumably that setup is not shown here; confirm.
            services.AddIdentityServer();
        }

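        /// <summary>
        /// Builds the request pipeline for the client: cookie sign-in, an OpenID Connect
        /// handler whose settings come from the "AppSettings:ClientSettings" configuration
        /// section, static files and MVC with the default route.
        /// </summary>
        /// <param name="app">Pipeline builder the middleware is registered on.</param>
        /// <param name="env">Hosting environment (not used in this method).</param>
        /// <param name="loggerFactory">Logger factory (not used in this method).</param>
        public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
        {
            // Local sign-in cookie. The configured SignInScheme has to name this scheme
            // ("Cookies") for the OIDC result to be persisted.
            app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = "Cookies" });

            // Empty the default inbound claim-type map so claims keep the names the
            // provider issued them under.
            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

            // get values from config
            IConfigurationSection clientSettings = this.Configuration.GetSection("AppSettings:ClientSettings");

            // A missing "Scope" setting yields no extra scopes instead of a
            // NullReferenceException, and repeated spaces do not create empty scope names.
            string[] scopes = (clientSettings["Scope"] ?? string.Empty)
                .Split(new[] { ' ' }, System.StringSplitOptions.RemoveEmptyEntries);

            var oidcOptions = new OpenIdConnectOptions
            {
                AuthenticationScheme = clientSettings["AuthenticationScheme"],
                SignInScheme = clientSettings["SignInScheme"],
                Authority = clientSettings["Authority"],
                ClaimsIssuer = clientSettings["ClaimsIssuer"],

                // Fail secure: GetValue<bool>(key) returns false when the key is absent,
                // which would silently allow plain-HTTP metadata. Default to true so HTTPS
                // is only relaxed when the setting explicitly says so.
                RequireHttpsMetadata = clientSettings.GetValue<bool>("RequireHttpsMetadata", true),

                ClientId = clientSettings["ClientId"],

                // Read from configuration rather than source; keep the real value in a
                // secret store or environment variable, not in a committed settings file.
                ClientSecret = clientSettings["ClientSecret"],

                ResponseType = clientSettings["ResponseType"],
                GetClaimsFromUserInfoEndpoint = clientSettings.GetValue<bool>("GetClaimsFromUserInfoEndpoint"),
                SaveTokens = clientSettings.GetValue<bool>("SaveTokens")
            };

            foreach (var scope in scopes)
            {
                oidcOptions.Scope.Add(scope);
            }

            app.UseOpenIdConnectAuthentication(oidcOptions);

            app.UseStaticFiles();

            app.UseMvcWithDefaultRoute();
        }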
public void配置服务(IServiceCollection服务)
{
//添加框架服务。
services.AddMvc(
选项=>
{
//自定义api异常过滤器
添加(typeof(apieexceptionfilter));
});
服务。配置(
选项=>
{
options.AutomaticAuthentication=false;
options.ForwardClientCertificate=false;
options.ForwardWindowsAuthentication=false;
});
services.AddSingleton(this.Configuration);
services.AddIdentityServer();
}
公共void配置(IApplicationBuilder应用程序、IHostingEnvironment环境、iLogger工厂)
{  
app.UseCookieAuthentication(新的CookieAuthenticationOptions{AuthenticationScheme=“Cookies”});
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
//从配置中获取值
IConfigurationSection clientSettings=this.Configuration.GetSection(“AppSettings:clientSettings”);
字符串[]scopes=clientSettings[“Scope”]。拆分(“”);
var oidcOptions=新的OpenIdConnectOptions
{
AuthenticationScheme=clientSettings[“AuthenticationScheme”],
signnscheme=clientSettings[“signnscheme”],
权限=客户端设置[“权限”],
ClaimsIssuer=clientSettings[“ClaimsIssuer”],
RequireHttpsMetadata=
clientSettings.GetValue(“RequireHttpsMetadata”),
ClientId=clientSettings[“ClientId”],
ClientSecret=clientSettings[“ClientSecret”],
ResponseType=clientSettings[“ResponseType”],
GetClaimsFromUserInfoEndpoint=clientSettings.GetValue(“GetClaimsFromUserInfoEndpoint”),
SaveTokens=clientSettings.GetValue(“SaveTokens”)
};
foreach(作用域中的变量作用域)
{
oidcOptions.Scope.Add(Scope);
}
app.UseOpenIdConnectAuthentication(oidcOptions);
app.UseStaticFiles();
app.UseMvcWithDefaultRoute();
}
在将此标记为答案之前,我会先等待一段时间,以便其他人有机会提供替代解决方案。